What is Claimed is : 

1. A method for using identity-based 
encryption (IBE) to securely convey messages over a 
communications network from a sender to a recipient, 
wherein the recipient has an associated IBE public key 
and an associated IBE private key for use in IBE 
encryption and decryption, wherein the sender uses the 
IBE public key of the recipient and IBE public parameter 
information associated with the recipient to encrypt 
messages for the recipient, wherein the IBE public 
parameter information is maintained on an IBE public 
parameter information host that provides the IBE public 
parameter information over the communications network, 
and wherein the host has a service name that is used to 
communicate with the host over the network, the method 
comprising: 

at the sender, using a service name 
generation rule to generate the service name of the host 
based on the IBE public key of the recipient; 

using the service name to obtain the IBE 
public parameter information associated with the 
recipient for the sender from the IBE public parameter 
host over the network; and 

at the sender, using the IBE public 
parameter information obtained from the IBE public 
parameter host and the IBE public key of the recipient 
to encrypt a message for the recipient. 

2. The method defined in claim 1 further 
comprising : 
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at the sender, using the service name 
generated with the service generation rule and the IBE 
public key to provide the host with a request that the 
host provide the IBE public parameter information to the 
sender; and 

with the IBE public parameter host, 
providing the IBE public parameter information to the 
sender in response to the request for the IBE public 
parameter information from the sender. 

3. The method defined in claim 2 further 
comprising : 

at the sender, sending the request to the 
host server as an email message. 

4. The method defined in claim 1 wherein an 
IBE private key generator is connected to the network, 
the method further comprising electronically conveying 
the IBE public parameter information from the IBE 
private key generator to the host. 

5. The method defined in claim 1 wherein the 
recipient has a message address, the method further 
comprising: 

at the sender, using the service name 
generation rule to generate the service name of the IBE 
public parameter information host by prepending a string 
to at least a portion of the message address. 



47 



6. The method defined in claim 1 wherein the 
recipient has an email address having a domain name 
portion, the method further comprising: 

at the sender, using the service name 
generation rule to generate the service name of the IBE 
public parameter information host by prepending a string 
to the domain name portion of the email address. 

7. The method defined in claim 1 wherein the 
IBE public parameter information host has an identity, 
the method further comprising: 

at the sender, verifying the identity of 
the IBE public parameter information host from which the 
IBE public parameter information is obtained. 

8 . The method defined in claim 7 wherein 
verifying the identity of the IBE public parameter 
information host comprises: 

at the sender, comparing service name 
information received from the IBE public parameter 
information host by the sender to the service name 
generated with the service name generation rule to 
determine whether there is a match. 

9. The method defined in claim 7 wherein the 
IBE public key of the recipient includes a message 
address having a domain name portion and wherein 
verifying the identity of the IBE public parameter 
information host comprises: 

at the sender, comparing identity 
information received from the IBE public parameter 
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information host by the sender to the domain name 
portion of the message address to determine whether the 
identity information matches the domain name portion. 

10. The method defined in claim 7 wherein a 
certificate authority provides a certificate that 
contains the service name of the IBE public parameter 
information host and wherein verifying the identity of 
the IBE public parameter information host comprises: 

providing the certificate that contains 
the service name of the IBE public parameter information 
host to the sender so that the sender can compare signed 
service name information in the certificate to the 
service name of the host that was generated by the 
service name generation rule to determine whether there 
is a match. 

11. The method defined in claim 1 further 
comprising, with the IBE public parameter information 
host, providing the sender with identity information 
signed by a certificate authority. 

12 . The method defined in claim 1 further 
comprising, with the IBE public parameter information 
host, providing the sender with the IBE public parameter 
information signed by a certificate authority. 

13. The method defined in claim 1 wherein 
providing the IBE public parameter information to the 
sender comprises providing the IBE public parameter 
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information to the sender over a secure communications 
link. 

14. The method defined in claim 1 wherein 
providing the IBE public parameter information to the 
sender comprises providing the IBE public parameter 
information to the sender over an insecure 
communications link . 

15. The method defined in claim 14 wherein 
providing the IBE public parameter information to the 
sender over the insecure link comprises using the IBE 
public parameter information host to encrypt the IBE 
public parameter information in a message format prior 
to sending the IBE public parameter information to the 
sender in the message format over the insecure link. 

16. The method defined in claim 1 wherein the 
message is an email message and wherein the IBE public 
key of the recipient comprises an email address, the 
method further comprising: 

at the sender, using the email address of 
the recipient to send the email message to the recipient 
over the communications network. 

17. The method defined in claim 1 wherein the 
message is an instant message and wherein the IBE public 
key of the recipient comprises an instant message 
address, the method further comprising: 
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at the sender, using the instant message 
address of the recipient to send the instant message to 
the recipient over the communications network. 

18. The method defined in claim 1 further 
comprising providing the sender with the service name 
generation rule in a plug-in module. 

19. The method defined in claim 1 further 
comprising providing the sender with the service name 
generation rule as part of an email program. 

20. The method defined in claim 1 wherein the 
service name comprises a domain name, the method further 
comprising : 

at the sender, using the domain name to 
establish a secure sockets layer communications link 
with the IBE public parameter information host over the 
Internet . 

21. The method defined in claim 1 wherein 
there are a plurality of IBE public parameter 
information hosts, each of which maintains different IBE 
public parameter information and each of which has a 
different associated service name, the method further 
comprising: 

at the sender, using the service name 
generation rule to generate the service name that is 
associated with a particular one of the plurality of IBE 
public parameter information hosts and using that 
service name to obtain the IBE public parameter 
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information from that particular one of the plurality of 
IBE public parameter information hosts over the 
communications network . 

22. The method defined in claim 1 wherein the 
recipient comprises a router having an associated IP 
addresses and wherein the host has an associated IP 
address, the method further comprising: 

at the sender, using the service name 
generation rule to generate the service name from the 
recipient's IP address by changing at least one variable 
byte in the recipient's IP address to create the IP 
address of the host. 

23. The method defined in claim 1 wherein the 
IBE public key contains at least one geographical region 
attribute, the method further comprising using the 
service name generation rule to generate the service 
name by basing the service name at least partially on 
the geographical region attribute. 

24. The method defined in claim 1 wherein 
there are a plurality of IBE public parameter 
information hosts, each of which maintains different IBE 
public parameter information and each of which has a 
different associated service name, and wherein the 
recipient has an email address having a domain name 
portion, the method further comprising: 

at the sender, using the service name 
generation rule to generate the service name that is 
associated with a particular one of the plurality of IBE 
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public parameter information hosts by prepending a 
string to the domain name portion of the recipient's 
email address and using that service name to obtain the 
IBE public parameter information from that particular 
one of the plurality of IBE public parameter information 
hosts over the communications network. 
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